name: build

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

on:
  push:
    branches:
      - 'main'
      - 'release/*'
    tags:
      - 'v*'
  pull_request:

env:
  DOCKERHUB_SLUG: distribution/distribution
  GHCR_SLUG: ghcr.io/${{ github.repository }}

permissions:
  contents: read # to fetch code (actions/checkout)

jobs:
  test:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        go:
          - 1.21.8
          - 1.22.1
        target:
          - test-coverage
          - test-cloud-storage
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
      -
        name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: ${{ matrix.go }}
      -
        name: Test
        run: |
          make ${{ matrix.target }}
      -
        name: Codecov
        uses: codecov/codecov-action@v4
        with:
          directory: ./

  build:
    permissions:
      contents: write # to create GitHub release (softprops/action-gh-release)
      packages: write # so we can push the image to GHCR

    runs-on: ubuntu-latest
    needs:
      - test
    steps:
      -
        name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      -
        name: Docker meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: |
            ${{ env.DOCKERHUB_SLUG }}
            ${{ env.GHCR_SLUG }}
          ### versioning strategy
          ### push semver tag v3.2.1 on main (default branch)
          # distribution/distribution:3.2.1
          # distribution/distribution:3.2
          # distribution/distribution:3
          # distribution/distribution:latest
          ### push semver prelease tag v3.0.0-beta.1 on main (default branch)
          # distribution/distribution:3.0.0-beta.1
          ### push on main
          # distribution/distribution:edge
          tags: |
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}
            type=ref,event=pr
            type=edge
          labels: |
            org.opencontainers.image.title=Distribution
            org.opencontainers.image.description=The toolkit to pack, ship, store, and distribute container content
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      -
        name: Login to DockerHub
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Log in to GitHub Container registry
        if: github.event_name != 'pull_request'
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      -
        name: Build artifacts
        uses: docker/bake-action@v4
        with:
          targets: artifact-all
      -
        name: Rename provenance
        run: |
          for pdir in ./bin/*/; do
            (
              cd "$pdir"
              binname=$(find . -name '*.tar.gz')
              filename=$(basename "${binname%.tar.gz}")
              mv "provenance.json" "${filename}.provenance.json"
            )
          done
      -
        name: Move and list artifacts
        run: |
          mv ./bin/**/* ./bin/
          tree -nh ./bin
      -
        name: Upload artifacts
        uses: actions/upload-artifact@v4.3.0
        with:
          name: registry
          path: ./bin/*
          if-no-files-found: error
      -
        name: Build image
        uses: docker/bake-action@v4
        with:
          files: |
            ./docker-bake.hcl
            ${{ steps.meta.outputs.bake-file }}
          targets: image-all
          push: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') }}
      -
        name: GitHub Release
        uses: softprops/action-gh-release@v1
        if: startsWith(github.ref, 'refs/tags/')
        with:
          draft: true
          files: |
            bin/*.tar.gz
            bin/*.provenance.json
            bin/*.sha256
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
